HOWTO - SQUID - Linux Webcache/Proxy Server

This article is a HOWTO on the installation and configuration of SQUID. If you are looking for a dedicated webcache solution, see the article on Smoothwall. It's a dedicated Linux firewall that includes SQUID.

What is SQUID?

SQUID is a webcache and proxy server for Linux and UNIX. It is widely supported by the open source community and is used on most medium to large networks. You may consider installing SQUID if your network:

Has a large number of Internet users (>=100)

Consistently downloads files from remote servers

Has a need to control Internet access

All of the above can be accomplished using SQUID. It is highly customizable and, therefore, can be used in many dynamic situations and topologies. You can view the main file for a complete guide to the options. I will tell you that the conf file is very long. Editing with vi can take some time if you want to look through all the options. I have provided a usable squid.conf file to download here.

Configuring SQUID

Assuming you already have SQUID installed, let's move the squid.conf file to the proper place. In the example below, /export/temp/ is where I had my squid.conf file temporarily stored. I used the simple move "mv" command to move it to the /etc/squid/ folder. This example was performed on Red Hat Enterprise Linux 3, but this should work the same in other versions of Linux and FreeBSD.

Remember, you must be logged in as root to perform some of these operations. The squid.conf file available from this site is set up for very general use. The cache_mgr has not been defined and should be your e-mail address. As far as the networking goes, this file is using the 192.168.x.x non-routable network. You may need to edit this to reflect your IP scheme. To begin, you must initialize the squid
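After editing the network lines for your own IP scheme, it is worth confirming that only your internal range can use the proxy. The following is an added example, not part of the original article or its squid.conf: a small checker that evaluates http_access rules in order for a given client address. The sample configuration, the ACL name localnet and the address admin@example.com are constructed, and only "src" ACLs are modelled.

```python
import ipaddress

# Constructed sample, not the squid.conf offered by the article.
SAMPLE_CONF = """
# cache_mgr is the administrator contact shown on SQUID error pages
cache_mgr admin@example.com
acl all src 0.0.0.0/0
acl localnet src 192.168.0.0/16
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) built from 'acl NAME src' and 'http_access' lines."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def allowed(conf, client_ip):
    """True if SQUID would let client_ip through: first matching line wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)

    def match(name):
        key = name.lstrip("!")
        if key not in acls:
            raise ValueError(f"ACL {key!r} is not a src ACL modelled here")
        hit = any(ip in net for net in acls[key])
        return hit != name.startswith("!")          # '!' negates the ACL

    for allow, names in rules:
        if all(match(n) for n in names):            # ACLs on one line are ANDed
            return allow
    # No line matched: SQUID applies the opposite of the last http_access line,
    # which is why an explicit final "deny all" matters.
    return (not rules[-1][0]) if rules else False

if __name__ == "__main__":
    for addr in ("192.168.10.20", "203.0.113.7"):
        print(addr, "allowed" if allowed(SAMPLE_CONF, addr) else "denied")
```
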

Transparent Proxying

You may want SQUID to run transparently. This means your clients will not have to change the settings in their browsers, and they will not even know they are using SQUID. Your server running squid (with 2 network interfaces) must use IPTABLES. I am not going to force these commands because I am not using a transparent proxy. The iptables command you will need is:

You will also need to enter this command into your bootup script under /etc/rc.d/ so that it runs every time the machine is rebooted. Now, you may have a dedicated routing box and a dedicated server running squid...something like this:

You will need to redirect traffic from the dedicated box by using these commands for IPTABLES (exclude the "" marks because they are only there to show you what you need to change):